IT Audit and Advisory

CNM is a premier provider of IT audit and advisory services, with the expertise to help clients achieve the strategic and financial objectives of their organization. We align our clients’ information technology capabilities with these objectives, then perform detailed risk-aligned services according to their specific needs. No matter what the task, we pride ourselves on being able to quickly identify specific problems and implement appropriate solutions. And we don’t mind sweating the small stuff so our clients can enjoy peace of mind.

CNM’s professionals act as an extension of your in-house team. We genuinely care about you and your business, and it shows in the quality of our work and the way we work with you. The result: you get a team of specialized IT professionals who are working with your best interest in mind.

IT Internal Audit

The proliferation of, and dependency on, emerging and core information technologies create tremendous risk and opportunity for organizations. At CNM we understand that business-IT strategic alignment and sound IT governance form the transformational foundation on which organizations can manage risk and capitalize on opportunities. Our experience shows that traditional Internal Audit functions have focused on financial reporting related internal controls, regulatory compliance and marginal improvements to business and IT processes. Further, these traditional Internal Audit focus areas, while important, often fail to address significant risks that account for the erasure of an organization’s market value.

At CNM we believe Internal Audit must provide the organization with cross-functional subject matter professionals, who understand the organization’s strategic objectives, culture, processes, and procedures. Aligning this knowledge with Internal Audit, governance, risk, compliance and controls expertise allows Internal Audit to become a trusted assurance and advisory function within the organization.

Our ITS Internal Audit team integrates closely with the business process Internal Audit team to help ensure the appropriate identification of technology and data risk and a high degree of coordination and efficiency. Our professionals are all trained on CNM’s robust Internal Audit methodology and possess the experience and flexibility to adapt to your preferred Internal Audit delivery approach.

IT Sarbanes-Oxley

We recognize that organizations may not have the necessary resources available to support ongoing, evolving Sarbanes-Oxley compliance demands. By combining CNM’s project management, compliance, accounting, and IT technical expertise with your team’s knowledge of your business and technology infrastructure, we are able to establish and maintain efficient and high-quality Sarbanes-Oxley 404 IT compliance programs.

CNM’s ITS team has direct experience assessing diverse system environments including large ERP, mainframe, complex cloud-based, and legacy internally developed applications. CNM relies on a structured and proven approach for scoping IT systems and performing multiple types of assessments, documentation and testing.

Our experienced ITS team understands and can articulate the business, financial reporting, IT-related interdependencies, and internal control requirements. CNM leverages automation software and governance frameworks such as CobiT in the delivery of our services.

Risk Assessment & Audit Planning
System Implementation Assessments
Internal Audit Co-Sourcing & Outsourcing
Sarbanes-Oxley Assistance

Cyber Security Services

With the increase in, and dependency on, online services and social media, organizations are exposed to a greater number of cyber risks. The definition of cybersecurity varies from company to company, but at its core, it is focused on protecting what is most valuable: intellectual property, personally identifiable information, Social Security Numbers, credit card information, healthcare records, or even the availability of physical infrastructure. The combination of these assets may be the very foundation of a company’s business model.

Given the volume and increased sophistication of cyberattacks, CNM recommends leveraging an internal audit/assurance program based on the NIST Cybersecurity Framework, to provide a formal, repeatable and defined way to evaluate cybersecurity controls.

Where possible, CNM relies upon other operational audits and knowledge gained through the ICFR process: incident management process, configuration management and security of networks and servers, security management and awareness, business continuity management, information security management, governance and management practices of both IT and the business units, and relationships with third parties. Our experienced cybersecurity resources balance security technology and your existing resources with sound governance.

Readiness Assessments
Information Privacy
Compliance
Phishing Simulations
Security Awareness Training
And More

SOC Reporting

Organizations are increasingly focusing on optimizing their processes and lowering costs, which is driving a trend toward outsourcing business processes, systems, and data processing.

Service organizations can provide assurance to their customers over the design and effectiveness of their controls by using the System and Organization Controls (SOC) attestation reports issued under the Statement on Standards for Attestation Engagements (SSAE) No. 18.

Specific assurance reports are required for contractual, compliance, financial, and regulatory reasons, while other IT security-centric reports (SOC 2 and SOC 3) help provide assurance over the security, privacy, processing integrity, confidentiality, and availability (Trust Services Principles) controls of the service organization.

At CNM, we help our clients balance their contractual obligations with well-structured and high-quality SOC reporting in the most cost-effective way.

Readiness Assessments

SOC for Cyber Security
SOC 1
SOC 2 & 3
Agreed Upon Procedures

IT Project Management & ERP Advisory Services

Selecting, implementing and maintaining an ERP that meets management, internal audit and regulators’ requirements is a complex and demanding task. ERP developers and system integrators are not focused on your organization’s unique governance, risk and compliance requirements. Going live with a poorly implemented and controlled ERP poses significant operational and compliance risks.

CNM’s IT project management and ERP advisory services approach can be tailored to almost any size of project, or even to portfolios of projects, and is applicable to a wide variety of IT projects, including vendor-managed, agile, traditional and cloud-based ERP deployments.

Assessment Services

Assessment services are tailored to provide an objective and independent view of the implementation project, compliance, and other relevant risks throughout the project lifecycle. These services can be tailored to a unique compliance objective or project component, e.g. Sarbanes-Oxley pre- and post-implementation system reviews, or data migration or interface testing.

Project Management or Implementation Assistance

Project management services involve CNM project and IT subject matter professionals who may assist with implementing project management structures and controls, and the ongoing project facilitation activities required to successfully complete a specific project or projects. These services may include the establishment of a project or program office and the implementation of sound project management protocols.

Implementation assistance may include supporting the technical integration team with functional specifications, system documentation, user training, data migration, system configurations, automated control documentation and design, role-based access design and other non-technical integration-specific project tasks.

Project Risk Management and Monitoring

IT project monitoring services provide management with the processes and tools to effectively identify, measure and track project risks throughout the project lifecycle. Typical activities performed by CNM project management resources may include impact analyses, contingency planning, status reporting, and issue tracking.

ERP GRC Selection and Implementation

CNM’s professionals assist with selecting and implementing sustainable ERP GRC solutions. CNM’s IT team has extensive knowledge of ERP systems and GRC tools, including:

Microsoft Dynamics
Oracle
NetSuite
PeopleSoft
Intacct
JDE
SAP
And More